The EU General Data Protection Regulation (“GDPR”) comes into force across the European Union on 25th May 2018 and brings with it the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.
The 21st Century brings with it broader use of technology, new definitions of what constitutes personal data, and a vast increase in cross-border processing. The new Regulation aims to standardise data protection laws and processing across the EU, affording individuals stronger, more consistent rights to access and control their personal information.
Grid Dynamics are committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognise our obligations in updating and expanding this program to meet the demands of the GDPR and all local data protection laws in all states in which Grid Dynamics offices and employees are operating.
Grid Dynamics are dedicated to safeguarding the personal information under our remit and to developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for, the new Regulation. Our preparation and objectives for GDPR compliance have been summarised in this statement and include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.
Grid Dynamics already have a consistent level of data protection and security across our organisation, demonstrated by our compliance with ISO 27001:2013 since 2014; however, it is our aim to be fully compliant with the GDPR by 25th May 2018. Our preparation includes:
Grid Dynamics takes the privacy and security of individuals and their personal information very seriously and takes every reasonable measure and precaution to protect and secure the personal data that we process. We have robust ISO 27001:2013 aligned information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction and have several layers of applicable security measures, including:
- strict data classification system that defines all personally identifiable information as Confidential by default with controls such as listed below applied and enforced
- two factor authentication
- strong data encryption in transit and at rest
- strict password policy enforcement and regular password strength checks
- need-to-know access rights only, regularly reviewed for all access types
- network separation of systems that hold sensitive data
- priority of regular vulnerability scanning of such systems
- priority of any alerts originating from these systems
- Intrusion Detection, centralised logging and monitoring
- business antimalware updated in real time
- security awareness training and testing of our employees who have access to personal data which includes regular phishing tests
Grid Dynamics have designated a Data Protection Officer and have appointed a data privacy team to develop and implement our roadmap for complying with the new data protection Regulation. The team are responsible for promoting awareness of the GDPR across the company, assessing our GDPR readiness, identifying any gap areas and implementing the new policies, procedures and controls.
Grid Dynamics understands that continuous employee awareness and understanding is vital to continued compliance with the GDPR and has involved our employees in our preparation plans. We have implemented an employee training program specific to the GDPR, which will be provided to all employees since May 25th, 2018, and forms part of our induction and annual training program.
If you have any questions about our preparation for the GDPR, please contact firstname.lastname@example.org